What is claimed is:

1. A method comprising: 

identifying network elements at endpoints of a data connection channel; 

generating a candidate path between the network elements at the endpoints; 

validating the candidate path by determining whether the candidate path 
provides at least a service requirement selected from a group consisting of minimum 
bandwidth, maximum bandwidth, maximum delay, maximum jitter, reliability, 
inclusion of network elements capable of acting as security gateways that bracket 
untrusted sections of the candidate path, reachability, and data collection capability; 
and 

configuring network elements along a validated candidate path to implement the 
service requirement. 

2. The method of claim 1, further comprising: 

identifying network elements at endpoints of a plurality of data connection 
channels; 

for each data connection channel, generating at least one candidate path 
between the network elements at the endpoints of the data connection channel; 

for each candidate path, validating the candidate path by determining whether 
the candidate path provides at least a service requirement selected from a group 
consisting of minimum bandwidth, maximum bandwidth, maximum delay, maximum 
jitter, reliability, inclusion of network elements capable of acting as security gateways 
that bracket untrusted sections of the candidate path, reachability, and data collection 
capability; and 

configuring network elements along validated candidate paths to implement
service requirements. 

3. The method of claim 1, further comprising recording a configuration performed
on the network elements. 

4. The method of claim 1, further comprising: 

identifying data connection channels that have been provisioned to implement a 
service; 

for each data connection channel, identifying a path followed by the data 
connection channel and a configuration performed to implement the service at network 
elements along the path; 

undoing the configuration performed to implement the service at the network 
elements along the path; and 

removing a recording of the configuration performed to implement the service 
on the network elements along the path. 

5. The method of claim 1, further comprising:

identifying a change in a routing table entry;

identifying data connection channels provisioned on a data link connected to an 
interface referenced by the routing table entry prior to the change; 

for each data connection channel provisioned on the data link, identifying 
whether the data connection channel is affected by the change; 

for each data connection channel affected by the change, de-provisioning the 
data connection channel affected by the change; and 

for each data connection channel affected by the change, re-provisioning the
data connection channel affected by the change. 

6. The method of claim 1, wherein generating a candidate path between the
network elements at the endpoints further comprises assigning to a link in a graph that 
is not in a preferred area of a network a weight that is different than a weight assigned 
to a link in the graph that is in a preferred area of the network. 

7. The method of claim 6, wherein assigning to a link in a graph that is not in a 
preferred area of a network a weight that is different than a weight assigned to a link in 
the graph that is in a preferred area of the network further comprises adjusting a weight 
assigned to a link in the graph depending on a proportion of usage of available 
bandwidth of the link. 

8. The method of claim 7, wherein adjusting a weight assigned to a link in the 
graph depending on a proportion of usage of available bandwidth of the link further 
comprises: 

adjusting a weight assigned to a link in the graph having lighter usage relative to 
other links in the graph to a weight indicating a greater preference; and 

adjusting a weight assigned to a link in the graph having heavier usage relative 
to other links in the graph to a weight indicating a lesser preference. 

9. The method of claim 7, wherein adjusting a weight assigned to a link in the 
graph depending on a proportion of usage of available bandwidth of the link further 
comprises: 

adjusting a weight assigned to a link in the graph having heavier usage relative 
to other links in the graph to a weight indicating a greater preference; and

adjusting a weight assigned to a link in the graph having lighter usage relative to 
other links in the graph to a weight indicating a lesser preference. 

10. A method for a provisioning system comprising: 

a) identifying a candidate path for a newly requested service, the newly requested 
service having a service description, wherein the newly requested service is in an 
Internet Protocol (IP) network, the IP network having a plurality of routers, wherein 
the identified candidate path travels through a set of the plurality of routers; 

b) determining whether the set of the plurality of routers can be configured to meet 
a set of requirements specified by the service description; and 

c) if the set of the plurality of routers are determined to meet the set of 
requirements, then translating the set of requirements into a corresponding set of 
router management commands to configure each router in the set of the plurality of 
routers. 

11. The method of claim 10, further comprising:

d) identifying a plurality of candidate paths for a newly requested service, the newly 
requested service having a service description, wherein the newly requested service 
is in an Internet Protocol (IP) network, the IP network having a plurality of routers, 
wherein each candidate path of the plurality of candidate paths travels through a 
subset of the plurality of routers; 

e) for each candidate path, determining whether a subset of the plurality of routers 
can be configured to meet a set of requirements specified by the service description; 
and 

f) for each set of requirements, if a subset of the plurality of routers are determined 
to meet the set of requirements, then translating the set of requirements into a
corresponding set of router management commands to configure each router in the 
subset of the plurality of routers. 

12. The method of claim 10, wherein the set of requirements includes one or more
of quality of service, security, reachability, and data collection specifications. 

13. The method of claim 10, further comprising:

if the identified candidate path cannot fulfill the set of requirements and there 
are other untried candidate paths, then identifying a different candidate path and 
repeating steps b) and c). 

14. The method of claim 10, wherein the translating includes querying a network
topology database to determine the capabilities of each router of the plurality of routers. 

15. A method for a provisioning system comprising: 

identifying a set of one or more candidate paths for a newly requested service in 
an Internet Protocol (IP) network having a plurality of routers, wherein each of the 
candidate paths travels through a different subset of the plurality of routers, the 
newly requested service having a service description; 

eliminating a candidate path from the set of candidate paths whose 
corresponding subset of the plurality of routers cannot be configured to meet the set 
of requirements specified by the service description; and 

translating a remaining candidate path into a set of router management 
commands to configure the subset of the plurality of routers. 

16. The method of claim 15, wherein the set of requirements includes one or more
of quality of service, security, and data collection specifications. 

17. The method of claim 15, wherein the identifying includes querying a 
provisioned services database to add together the bandwidth commitments of 
previously deployed services to determine if each of the candidate paths has sufficient 
uncommitted bandwidth for the newly requested service. 

18. A provisioning system comprising: 

a provisioning engine coupled to a network topology database and a provisioned 
services database, the provisioning engine to identify candidate paths for newly 
requested services in a network, each of the newly requested services having a 
corresponding service description that specifies a corresponding set of requirements, 
wherein each of the candidate paths are to include a subset of routers of a plurality of 
routers in the network, wherein the provisioning engine is to determine whether a set of 
the candidate paths meet the corresponding set of requirements; and 

a translation module coupled to the provisioning engine, the translation module 
to translate the set of requirements for a set of candidate paths that meet the 
corresponding set of requirements, the translation to generate corresponding router 
management commands to configure routers in the plurality of routers. 

19. The provisioning system of claim 18, wherein the set of requirements includes
one or more of quality of service, security, and data collection specifications. 

20. The provisioning system of claim 18, wherein the translation module is to store
the configuration of the routers in the provisioned services database. 

21. A machine-readable medium that provides instructions that, when executed by a 
machine, cause the machine to perform operations comprising: 

identifying network elements at endpoints of a data connection channel; 

generating a candidate path between the network elements at the endpoints; 

validating the candidate path by determining whether the candidate path 
provides at least a service requirement selected from a group consisting of minimum 
bandwidth, maximum bandwidth, maximum delay, maximum jitter, reliability, 
inclusion of network elements capable of acting as security gateways that bracket 
untrusted sections of the candidate path, and data collection capability; and 

configuring network elements along a validated candidate path to implement the 
service requirement. 

22. The machine-readable medium of claim 21, wherein operations further
comprise: 

identifying network elements at endpoints of a plurality of data connection 
channels; 

for each data connection channel, generating at least one candidate path 
between the network elements at the endpoints of the data connection channel; 

for each candidate path, validating the candidate path by determining whether 
the candidate path provides at least a service requirement selected from a group 
consisting of minimum bandwidth, maximum bandwidth, maximum delay, maximum 
jitter, reliability, inclusion of network elements capable of acting as security gateways 
that bracket untrusted sections of the candidate path, reachability, and data collection
capability; and 

configuring network elements along validated candidate paths to implement 
service requirements. 

23. The machine-readable medium of claim 21, wherein operations further
comprise recording a configuration performed on the network elements. 

24. The machine-readable medium of claim 21, wherein operations further
comprise: 

identifying data connection channels that have been provisioned to implement a 
service; 

for each data connection channel, identifying a path followed by the data 
connection channel and a configuration performed to implement the service at network 
elements along the path; 

undoing the configuration performed to implement the service at the network 
elements along the path; and 

removing a recording of the configuration performed to implement the service 
on the network elements along the path. 

25. The machine-readable medium of claim 21, wherein operations further
comprise: 

identifying a change in a routing table entry; 

identifying data connection channels provisioned on a data link connected to an 
interface referenced by the routing table entry prior to the change; 

for each data connection channel provisioned on the data link, identifying
whether the data connection channel is affected by the change; 

for each data connection channel affected by the change, de-provisioning the 
data connection channel affected by the change; and 

for each data connection channel affected by the change, re-provisioning the data 
connection channel affected by the change. 

26. The machine-readable medium of claim 21, wherein operations further
comprise assigning to a link in a graph that is not in a preferred area of a network a 
weight that is different than a weight assigned to a link in the graph that is in a 
preferred area of the network. 

27. The machine-readable medium of claim 26, wherein assigning to a link in a 
graph that is not in a preferred area of a network a weight that is different than a weight 
assigned to a link in the graph that is in a preferred area of the network further 
comprises adjusting a weight assigned to a link in the graph depending on a proportion 
of usage of available bandwidth of the link. 

28. The machine-readable medium of claim 27, wherein adjusting a weight 
assigned to a link in the graph depending on a proportion of usage of available 
bandwidth of the link further comprises: 

adjusting a weight assigned to a link in the graph having lighter usage relative to 
other links in the graph to a weight indicating a greater preference; and 

adjusting a weight assigned to a link in the graph having heavier usage relative 
to other links in the graph to a weight indicating a lesser preference. 

29. The machine-readable medium of claim 27, wherein adjusting a weight
assigned to a link in the graph depending on a proportion of usage of available 
bandwidth of the link further comprises: 

adjusting a weight assigned to a link in the graph having heavier usage relative 
to other links in the graph to a weight indicating a greater preference; and 

adjusting a weight assigned to a link in the graph having lighter usage relative to 
other links in the graph to a weight indicating a lesser preference. 

30. A machine-readable medium that provides instructions that, when executed by a 
machine, cause the machine to perform operations comprising: 

a) identifying a plurality of candidate paths for a plurality of newly requested 
services, each one of the newly requested services having a service description, 
wherein the newly requested services are in an Internet Protocol (IP) network, the 
IP network having a plurality of routers, wherein the identified candidate path 
travels through a subset of the plurality of routers; 

b) for each service description, determining whether the subset of the plurality of 
routers can be configured to meet a set of requirements specified by the service 
description; and 

c) for each set of requirements, if the subset of the plurality of routers are 
determined to meet the set of requirements, then translating the set of requirements 
into a corresponding set of router management commands to configure each router 
in the subset of the plurality of routers. 

31. The machine-readable medium of claim 30, wherein operations further
comprise: 

d) identifying a plurality of candidate paths for a plurality of newly requested
services, each one of the newly requested services having a service description,
wherein the newly requested services are in an Internet Protocol (IP) network, the
IP network having a plurality of routers, wherein the identified candidate path
travels through a subset of the plurality of routers;

e) for each service description, determining whether the subset of the plurality of
routers can be configured to meet a set of requirements specified by the service
description; and

f) for each set of requirements, if the subset of the plurality of routers are
determined to meet the set of requirements, then translating the set of requirements
into a corresponding set of router management commands to configure each router
in the subset of the plurality of routers.

32. The machine-readable medium of claim 30, wherein the set of requirements
includes one or more of quality of service, security, and data collection specifications.

33. The machine-readable medium of claim 30, wherein operations further
comprise:

if the identified candidate path cannot fulfill the set of requirements and there
are other untried candidate paths, then identifying a different candidate path and
repeating steps b) and c).

34. The machine-readable medium of claim 30, wherein the translating includes
querying a network topology database to determine the capabilities of each router of the
plurality of routers.

35. A machine-readable medium that provides instructions that, when executed by a
machine, cause the machine to perform operations comprising: 

identifying a set of one or more candidate paths for a newly requested service in 
an Internet Protocol (IP) network having a plurality of routers, wherein each of the 
candidate paths travels through a different subset of the plurality of routers, the 
newly requested service having a service description; 

eliminating a candidate path from the set of candidate paths whose 
corresponding subset of the plurality of routers cannot be configured to meet the set 
of requirements specified by the service description; and 

translating a remaining candidate path into a set of router management 
commands to configure the subset of the plurality of routers. 

36. The machine-readable medium of claim 35, wherein the set of requirements 
includes one or more of quality of service, security, and data collection specifications. 

37. The machine-readable medium of claim 35, wherein the identifying includes 
querying a provisioned services database to add together the bandwidth commitments 
of previously deployed services to determine if each of the candidate paths has 
sufficient uncommitted bandwidth for the newly requested service. 
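
Added illustration, not part of the claims and not the applicant's code: a sketch of the validation step of claims 1, 13, 15 and 17, checking that every untrusted section of a candidate path is bracketed by gateway-capable elements and that summed prior commitments leave enough uncommitted bandwidth. The topology, node names, capacities and function names are constructed assumptions.

```python
# Added illustration; topology, node names and numbers are constructed.
# Link table: endpoints -> (capacity in Mbit/s, link is trusted?)
LINKS = {
    frozenset(("r1", "r2")): (100, True),
    frozenset(("r2", "r3")): (100, False),
    frozenset(("r3", "r6")): (100, True),
    frozenset(("r1", "r4")): (100, True),
    frozenset(("r4", "r5")): (100, False),
    frozenset(("r5", "r6")): (100, True),
}
GATEWAY_CAPABLE = {"r4", "r5"}  # elements able to act as security gateways
# Stand-in for the provisioned services database: (link, committed Mbit/s)
COMMITMENTS = [(frozenset(("r4", "r5")), 60), (frozenset(("r4", "r5")), 30)]

def hops(path):
    """Links traversed by a path given as an ordered list of node names."""
    return [frozenset(path[i:i + 2]) for i in range(len(path) - 1)]

def untrusted_sections(path):
    """(first_node_idx, last_node_idx) of each maximal run of untrusted links."""
    sections, start = [], None
    for i, key in enumerate(hops(path)):
        trusted = LINKS[key][1]
        if not trusted and start is None:
            start = i                      # run begins at node i
        elif trusted and start is not None:
            sections.append((start, i))    # run ended at node i
            start = None
    if start is not None:                  # path ends inside an untrusted run
        sections.append((start, len(path) - 1))
    return sections

def uncommitted_mbps(key):
    """Capacity minus the sum of commitments of previously deployed services."""
    return LINKS[key][0] - sum(mbps for k, mbps in COMMITMENTS if k == key)

def validate(path, min_mbps):
    """Return the reasons a path fails; an empty list means it is validated."""
    reasons = []
    for first, last in untrusted_sections(path):
        for node in (path[first], path[last]):
            if node not in GATEWAY_CAPABLE:
                reasons.append(f"{node}: not gateway-capable at edge of untrusted section")
    for key in hops(path):
        if uncommitted_mbps(key) < min_mbps:
            reasons.append(f"{'-'.join(sorted(key))}: {uncommitted_mbps(key)} Mbit/s uncommitted")
    return reasons

def select_path(candidates, min_mbps):
    """Eliminate failing candidates in order; return the first validated path."""
    return next((p for p in candidates if not validate(p, min_mbps)), None)

PATH_A = ["r1", "r2", "r3", "r6"]  # untrusted hop r2-r3 has no gateways
PATH_B = ["r1", "r4", "r5", "r6"]  # untrusted hop r4-r5 is bracketed
```

Only a path that returns no reasons would proceed to the configuration step; a path ending on an untrusted link is treated as needing a gateway at the endpoint itself.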